Security Alert

Phishing Alert – Sept. 24, 2018

Monday, Sept. 24 2018, many UA employees received a phishing email with from the email address amuir@BakerRipley.org with the subject title “Outlook Upgrade”.

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Student Phishing Alert – Sept. 7, 2018

Friday, Sept. 7, 2018, many UA students received a phishing email from the email address c.jain@csuohio.edu with the subject line Job Opportunity.

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

OIT to Add DUO to Additional UA Services

Monday, Sept. 10, 2018 DUO two-factor authentication will be applied to the Concur travel and expense management system and to UA Box cloud storage. This change will only impact active DUO users.  On Sept. 10, users that have active DUO accounts will begin to see the DUO prompt when logging into Concur or Box. Users who have not activated DUO will not notice any change, users will login with their username and password. This change will not impact users who have installed Box mobile or desktop apps such as Box Sync.

DUO is designed to protect the sensitive data held within user accounts like Concur and Box. The Office of Information Technology recommends that all UA faculty and staff activate DUO. To activate your account, visit duo.ua.edu. Please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu with any questions or concerns.

DUO Outage – Aug. 20, 2018

Update 2:40pm – DUO has resolved the issue. OIT has re-enabled the DUO requirement for UA services. DUO is expected to post a root cause analysis of the issue on their status page as soon as it becomes available. https://status.duo.com/

This issue impacted all users on the DUO1 deployment, many entities were impacted including our counterparts at other institutions. Thankfully, OIT was able to disable our DUO requirement, allowing users to gain access to UA services, such as myBama and Webmail without DUO.

We thank you for your patience in this issue. I’d like to take this opportunity to remind you that the OIT status page is always available to provide quick answers to service status questions. https://status.oit.ua.edu/


10:28am – Users may notice that systems that normally require DUO to permit access do not have the DUO prompt. We have temporarily disabled the DUO requirement while an issue is investigated. DUO is investigating the outage – https://status.duo.com/

Additional UA status updates are provided on the OIT Status site https://status.oit.ua.edu.

Students – Beware of Phishing Scams

During the summer months, many students receive phishing emails offering fake job and internship opportunities. The Office of Information Technology encourages students to be mindful of scams that pose as job offers. Review the red flags of phishing below to recognize any malicious emails in your Crimson inbox.

“Hackers know exactly what to say to get the attention of students,” said UA Chief Information Security Officer Ashley Ewing. “They often send students emails that say things about summer jobs or internships, because they know that’s what students are wanting to see in their inboxes.”

OIT urges students to understand and recognize the warning signs of a phishing email, so that students are able to decipher a real job offer from a phishing job offer.

  • Look at the “From” email address. Confirm that the @ address is the company that the sender says it is.
  • Hover over links to see the URL before you click.
  • Look for an official email signature.
  • If you didn’t apply for it, don’t open it.
  • Do not send sensitive data, like a social security number, over email.
  • Never provide financial information, like credit card numbers or bank account numbers, over email.

If students suspect they are a victim of a phishing attack, they are encouraged change their myBama password and to install DUO. For questions, please contact the IT Service Desk at 205-348-5555 with any questions.

Phishing Alert – June 21, 2018

Thursday, June 21, 2018, many UA students received a phishing email from the email address donarldjacksoncyberhost@gmail.com.

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Security Alert – Update Google Chrome

Multiple vulnerabilities have been discovered in the web browser Google Chrome. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. The most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions.

All Google Chrome versions prior to 67.0.3396.62 are vulnerable and should be updated.  If you have any questions, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

May 14, 2018 Phishing Attempt

Monday, May 14, 2018, many UA employees received a phishing email with the subject title “[UA Course]: New Course”

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

phishing attempt

April 24, 2018 Phishing Attempt

Tuesday, April 24, 2018, many UA employees received a phishing email with the subject title “Della Lorenzen sent you “file 3231””

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

Phishing Attempt

April 23, 2018 Phishing Attempt

Monday, April 23, 2018, many UA employees received a phishing email with the subject title “Microsoft: Action Required”

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

Phishing attempt